We all work remotely with Cisco routers and switches, and we often log in to make configuration changes on them. If we misconfigure a live Cisco router or switch at a remote site, we don’t have the liberty of resetting the device unless we have control over the power distribution.
In this scenario the “reload” command proves to be very handy and useful. Just before making any changes to the configuration, we can use the “reload” command as demonstrated below:
ITKE-Cisco#reload in ?
Delay before reload (mmm or hhh:mm)
ITKE-Cisco#reload in 10
System configuration has been modified. Save? [yes/no]: no
Reload scheduled in 10 minutes by yasir on vty0 (10.0.0.5)
Proceed with reload? [confirm]
*** — SHUTDOWN in 0:05:00 —
The command demonstrated above will reload the device in 10 minutes. After applying the “reload” command we can proceed with the configuration changes. If things go wrong and we lose connectivity to the device, we try again after 10 minutes: the device will have reloaded with the original startup-configuration (provided the changes were not saved), which helps us restore connectivity to the device.
Once we are sure that the new configuration is working properly without any hassles, the “reload cancel” command cancels the scheduled reload.
I find this command to be very handy and useful, especially when we have to telnet or SSH to a remote Cisco router or switch.
Dear Friends, I hope everyone is having great holidays; have fun. In my previous post I was focusing on some of the limitations of Etherchannel. Now let’s proceed a step ahead and look at the Etherchannel negotiation protocols. Etherchannels can be negotiated between two Cisco Catalyst Switches to provide some dynamic link configuration.
Basically, two types of protocols are available that can be used to automate the creation of an Etherchannel bundle in the Cisco Catalyst Switches.
In an upcoming post I will try to concentrate on automating the creation of an Etherchannel. Have fun and happy new year 2009.
· An Etherchannel Group Number must be in the range of 1 to 256.
· All ports in the target Etherchannel group MUST be in the same VLAN.
· If one physical link in the Etherchannel group is a TRUNK, then all other ports must be configured as trunks carrying the same VLAN information.
· Any defined broadcast limits must be the same across all ports in an Etherchannel.
· An LACP Etherchannel group cannot support any physical links in half duplex mode.
· No port in the Etherchannel group can be defined as a SPAN port.
In the following example we will set the interface fast Ethernet 0/9 to its default configuration.
Current Configuration for fast Ethernet 0/9
ITKE-Cisco#sho running-config interface fastEthernet 0/9
Current configuration : 85 bytes
switchport access vlan 100
switchport mode access
Now we will set fast Ethernet 0/9 to its default configuration using the following command:
“default interface fastEthernet 0/9”
Enter configuration commands, one per line. End with CNTL/Z.
ITKE-Cisco(config)#default interface fastEthernet 0/9
Interface FastEthernet0/6 set to default configuration
Running configuration for fast Ethernet 0/9 after configuring to default settings
ITKE-Cisco#sho running-config interface fastEthernet 0/9
Current configuration : 68 bytes
switchport mode dynamic desirable
The above configuration will capture all traffic from interface gigabitEthernet 0/5 and send it to SPAN port interface gigabitEthernet 0/10.
Configuration Example – Monitoring an entire VLAN traffic
ITKEAS01(config)#monitor session 1 source vlan 100
ITKEAS01(config)#monitor session 1 destination interface gigabitEthernet 0/10
The above configuration will capture all traffic of VLAN 100 and send it to SPAN port interface gigabitEthernet 0/10.
Use show monitor session 1 to verify your configuration.
All Switch to Switch connections are configured as 802.1Q Trunk ports.
IP Address and HSRP Details for the Core Switches
From the above scenario we have two Cisco 6513 Series Switches as Core/Distribution with three VLANs: VLAN 50 for management of the switches, VLAN 100 for all the servers and VLAN 101 for clients. Two Cisco 3560 Series Switches serve as Server Farm Switches and a Cisco 3560 Series Switch as an Access Switch. There are two DHCP servers, with IP addresses 10.0.1.100 and 10.0.1.101, connected to the Server Farm Switches with HP NIC teaming. We configure DHCP Snooping based on the above scenario.
The first step to configure DHCP Snooping is to turn on DHCP snooping in all Cisco Switches using the “ip dhcp snooping” command.
All Cisco Switches (config)#ip dhcp snooping
The second step is to configure the trusted interfaces. In the above scenario all trunk ports are configured as trusted ports, as well as the interfaces G0/7 (ITKESF01 220.127.116.11), G0/17 (ITKESF02 18.104.22.168), G0/9 (ITKESF01 22.214.171.124) and G0/18 (ITKESF02 126.96.36.199) connected to the DHCP servers with IP 10.0.1.100 and 10.0.1.101. Let’s configure all trunk ports in ITKEBB01
ITKEBB01(config)#interface range gigabitEthernet 3/21 - 23
ITKEBB01 (config-if)#ip dhcp snooping trust
Now let’s configure all trunk ports in ITKEBB02
ITKEBB02(config)#interface range gigabitEthernet 3/21 - 23
ITKEBB02 (config-if)#ip dhcp snooping trust
ITKEBB02 (config)#interface gigabitEthernet 3/16
ITKEBB02 (config-if)#ip dhcp snooping trust
Now let’s configure the trusted ports for the DHCP servers
ITKESF01(config)#interface gigabitEthernet 0/7
ITKESF01 (config-if)#ip dhcp snooping trust
ITKESF01(config)#interface gigabitEthernet 0/17
ITKESF01 (config-if)#ip dhcp snooping trust
ITKESF02(config)#interface gigabitEthernet 0/9
ITKESF02 (config-if)#ip dhcp snooping trust
ITKESF02(config)#interface gigabitEthernet 0/18
ITKESF02 (config-if)#ip dhcp snooping trust
Now let’s configure the trunk ports on Access Switch ITKEAS01
ITKEAS01(config)#interface range gigabitEthernet 0/49 - 52
ITKEAS01 (config-if)#ip dhcp snooping trust
Finally we are going to configure the VLANs for DHCP snooping. DHCP snooping will be used on all the VLANs (VLAN 100 & 101) except management VLAN 50. We will also limit the rate of requests received in the Access Switch (ITKEAS01).
ALL SWITCHES(config)# ip dhcp snooping VLAN 100,101
ITKEAS01(config)#interface range gigabitEthernet 0/1 - 48
ITKEAS01 (config-if)#ip dhcp snooping limit rate 20
Displaying the DHCP snooping
For further reference please do check this article from Cisco about DHCP snooping.
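One way to check a switch against the trust design described in this post, as an added example (not code from the original post): the script parses a running-config and reports VLANs left out of snooping, ports whose trust setting differs from the intended list, and untrusted access ports with no rate limit. The sample config and the names `parse` and `audit` are constructed for illustration.

```python
# Constructed running-config excerpt (sample data, not from a real device).
SAMPLE = """\
ip dhcp snooping
ip dhcp snooping vlan 100
interface GigabitEthernet0/1
 switchport mode access
 ip dhcp snooping limit rate 20
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode access
 ip dhcp snooping trust
interface GigabitEthernet0/49
 switchport mode trunk
 ip dhcp snooping trust
"""

def parse(config):
    """Return (global lines, {interface: [sub-commands]})."""
    glob, ifaces, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif raw.startswith(" ") and cur is not None:
            cur.append(line)
        else:
            cur = None
            glob.append(line)  # "!" separators land here too; harmless
    return glob, ifaces

def audit(config, want_vlans, trusted_ok):
    """Compare snooping config with the intended design; return findings."""
    glob, ifaces = parse(config)
    out = [] if "ip dhcp snooping" in glob else ["snooping not enabled globally"]
    vlans = set()
    for l in glob:
        if l.lower().startswith("ip dhcp snooping vlan "):
            for part in l.split()[4].split(","):
                lo, _, hi = part.partition("-")
                vlans.update(range(int(lo), int(hi or lo) + 1))
    out += [f"VLAN {v} not covered" for v in sorted(set(want_vlans) - vlans)]
    for name, lines in ifaces.items():
        trusted = "ip dhcp snooping trust" in lines
        if trusted != (name in trusted_ok):
            out.append(f"{name}: trust {'unexpected' if trusted else 'missing'}")
        limited = any(l.startswith("ip dhcp snooping limit rate") for l in lines)
        if not trusted and "switchport mode access" in lines and not limited:
            out.append(f"{name}: no rate limit")
    return out
```

Called as `audit(SAMPLE, {100, 101}, {"GigabitEthernet0/49"})`, the sample yields three findings: VLAN 101 not covered, GigabitEthernet0/2 without a rate limit, and GigabitEthernet0/3 trusted unexpectedly.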
ITKE(config)# snmp-server group ITKEview v3 auth
Finally let’s create an SNMP username called “ITKEuser” and grant it access to the “ITKEGroup” that we created in the previous step. We will provide an authentication password as well as a privacy password, which will serve as an encryption key for the SNMP protocol.
ITKE(config)# snmp-server user ITKEuser ITKEGroup v3 auth md5 ITKEpass priv des56 ITKEpass2
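An added example, not part of the original post: a small pre-change check for SNMPv3 commands, run here over the two commands as they appear on this page. It reports users assigned to a group that is not defined, groups that do not require encryption for a user with a privacy key, and the legacy `md5`, `des`/`des56` and `3des` options; the function and variable names are made up for this example.

```python
# The two commands as they appear in the post (typo in the second corrected).
SNMP_LINES = """\
snmp-server group ITKEview v3 auth
snmp-server user ITKEuser ITKEGroup v3 auth md5 ITKEpass priv des56 ITKEpass2
"""
WEAK_AUTH = {"md5"}                   # legacy hash; IOS also offers sha
WEAK_PRIV = {"des", "des56", "3des"}  # legacy ciphers; IOS also offers aes


def after(opts, key):
    """Token following `key` in an option list, or None if absent."""
    i = opts.index(key) + 1 if key in opts else len(opts)
    return opts[i] if i < len(opts) else None


def audit_snmpv3(config):
    """Return findings for SNMPv3 group/user commands in a change script."""
    rows = [t for t in (l.split() for l in config.splitlines())
            if len(t) > 1 and t[0] == "snmp-server"]
    # group name -> security level the group requires (noauth | auth | priv)
    groups = {t[2]: t[4] for t in rows
              if t[1] == "group" and len(t) > 4 and t[3] == "v3"}
    findings = []
    for t in rows:
        if t[1] != "user" or len(t) < 5 or t[4] != "v3":
            continue
        user, group, opts = t[2], t[3], t[5:]
        auth, priv = after(opts, "auth"), after(opts, "priv")
        if group not in groups:
            findings.append(f"{user}: group {group} is not defined")
        elif priv and groups[group] != "priv":
            findings.append(f"{user}: group {group} does not require encryption")
        if auth is None:
            findings.append(f"{user}: no authentication configured")
        elif auth in WEAK_AUTH:
            findings.append(f"{user}: auth {auth} is legacy, prefer sha")
        if priv in WEAK_PRIV:
            findings.append(f"{user}: priv {priv} is legacy, prefer aes")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_snmpv3(SNMP_LINES)))
```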